'First' Ethereum Decompiler Launches With JP Morgan Quorum Integration

What could be the first-ever ethereum smart contract decompiler was demoed at a hacker event in Las Vegas on Thursday.

AccessTimeIconJul 27, 2017 at 8:15 p.m. UTC
Updated Sep 13, 2021 at 6:46 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

The ethereum virtual machine (EVM) now has what appears to be its first ever decompiler designed to revert smart contracts into source code.

Announced onstage today by the founder of cybersecurity startup Comae Technologies at the DefCon hacker conference in Las Vegas, the open-source EVM decompiler was designed to make it easier to identify bugs in ethereum smart contracts.

Coming at a time when a string of ethereum hacks have exposed the difficulty of writing secure smart contract code, the decompiler, called Porosity, promises to let developers revert difficult to understand EVM bytecode back to its original state.

Porosity developer and Comae founder, Matt Suiche, told CoinDesk:

"The initial problem I was trying to solve by writing a decompiler is to be able to have the actual source code, without having access to the actual source code by reverse engineering."

Also announced today, Porosity is now integrated with JP Morgan's open-source Quorum blockchain created for enterprise-grade solutions, and it will now be available on the bank's Github page.

Tested with the help of some of JP Morgan's own engineers, Porosity and Quorum are expected to be packaged together to help run real-time smart contract security checks. The bundle, integrated directly into the Go-language ethereum implementation geth "out of the box," incorporates security and patching processes for private networks with formal governance models.

JP Morgan blockchain lead Amber Baldet described to CoinDesk what she believes is the significance of the technology, stating:

"Porosity is the first decompiler that generates human-readable Solidity syntax smart contracts from Ethereum Virtual Machine bytecode"

A time of need

While Suiche said he's new to blockchain, the serial entrepreneur who sold his previous startup to VMware was rather well prepared to build the decompiler.

As a reverse engineer, Suiche is familiar with starting with a product, and figuring out how to strip it down to its most basic parts.

Porosity
Porosity

So in February, when he began researching ethereum smart contracts in depth, he almost accidentally built the decompiler as part of his own personal research.

As Porosity's launch comes in a month when ethereum smart contracts written for CoinDash, Parity and Veritaseum have all been hacked, Suiche thinks his chosen profession as a reverse engineer is about to see increased demand.

"The security community in ethereum is going to grow," he said "And we're going to see more and more reverse engineers."

The business of decompiling

Still, there's more to the business motivations driving decompiler use than just ensuring your funds remain secure.

Because vulnerabilities are frequently discovered long after a smart contract is implemented, an EVM decompiler can also bring peace of mind to investors, according to Alex Rass, CEO of customer software provider and cybersecurity consultant firm ITBS LLC.

According to Rass, decompilers are common among most "major" programming languages, in part because they help provide investors assurance that what they invested in is what is being used.

Rass said:

"With a decompiler someone with half a brain can go, pull the contract binary code for that contract and see that contract, and provide investors with what they purchased."

Balls of Yarn image via Shutterstock

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.